privacy policy

stc insiso is committed to maintaining the trust and confidence of our customers. We do not sell information to third parties for marketing or any other purposes. Our privacy policy details the information that we collect, how we use it, the conditions under which we may disclose it and how we keep it secure.

Website cookies

To make this website work properly, we sometimes place cookies on your device. Most websites do this.What are cookies?A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. How do we use cookies? Our website uses cookies to allow us to see how the site is being used by people who access our website including the pages they view and the customer journey around our website, and to collect information and remember your display preferences, such as contrast colour settings or font size, if you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won't be asked again), and if you have agreed (or not) to our use of cookies on this site. The cookie-related information is not used to identify you personallyand the pattern data is fully under our control. How to control cookiesEnabling cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block cookies, but if you do that some features of this site may not work as intended. If you’d like to know more about managing cookies you can visit

Google Analytics

Google Analytics help us understand how the site is being used in order to improve the user experience. All user data is anonymous. You can find out more about Google’s position on privacy as regards its analytics service at

Mailing Lists

As part of the process of downloading information from our website or registering for our e-newsletter, we collect personal information. We use that information for a couple of reasons: to tell you about things you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We don't rent or trade email lists with other organisations and businesses. We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see

Data that we store and why

We may process your personal data for the purposes necessary for the performance of our contract with you or your employer and to comply with our legal obligations. Legal basis on which we process data:

Informational data (Consent) – Marketing materials, such as our e-newsletter and promotional offers for products and services, will be issued to a defined list of people who have consented for us to do so via an “opt in” registration process

Provision of products and services (Contract) – As part of our services to our customers, we will hold information to be able to support and update existing training programmes, business processes and any other deployments for the duration of the contract.

Accountancy Data (Legal Obligation) – To meet legal requirements, information is held within a SAGE accountancy system.

We may use your personal data to:

Provide information to you that you have requested from us

Provide information to you relating to products that may be of interest to you

Provide support services to you for systems that we have provided

Keep you informed of news updates and future developments

Carry out our obligations arising from any agreements entered between you OR your employer.

In some circumstances, we may anonymise or pseudonymise the personal data so that it can no longer be associated with you, in which case we may use it without further notice to you.

When you place an order with stc insiso, you will be registered as a customer within our SAGE accounting system. Information stored securely will include name, address data, email and contact numbers. Our administrative staff may use these contact details to process orders and invoicing.

Account details from SAGE are shared with our Accountants ( copies of orders and invoices are securely stored in Turf Moor House, 49 St Clair Wynd, Newburgh, Aberdeenshire AB41 6DZ, UK, in a keycode access office. Paper copies are destroyed securely after a five year period. When you make an enquiry with STC you will be registered in our Microsoft® Access database. This record may contain name, address, email and contact numbers.

Electronic data retention and protection

We will hold your data for the duration of our relationship with you (contracted term) plus an additional five years. You will have the opportunity to opt out or update or delete data at any point should you need to do so.

Data storage is on servers that are located within the UK & USA (encrypted) and no data is stored out with these regions.

We use full disk encryption on all employee laptops and desktops.

Our backups are encrypted at rest and in transit.

Our paper archives are stored in a secured location monitored for fire and theft.

We regularly audit our data privacy strategy to ensure it is fit for purpose.

We train our staff so that they can identify and avoid online scams such as phishing which may cause a data breach.

Automated decision making including profiling

We do not perform automated decision making or profiling.

Data sharing

As a partner of training organisations, stc insiso provides photograph, name and address details of delegates for qualifications obtained.

Training organisations include:



Access to your personal information

Under certain circumstances, by law you have the right to:

Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.

Request correction of the personal data that we hold about you.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal data to you or another data controller if the processing is based upon the performance of a contract or on consent, carried out by automated means and this is technically feasible.

In the event that stc insiso refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.


After reviewing GDPR legislation and consideration of Article 29 Working Party 'Guidelines on DPOs', stc insiso has chosen not to appoint a DPO. However, if you have any questions about this privacy policy or how we handle your personal information, please send an e-mail to

Contacting us and complaints

If you have any questions or are unhappy with how we have dealt with your personal information we would invite you to contact us directly in the first instance.

In the event that you are dissatisfied with how we have dealt with your complaint, you have the right to lodge a complaint with the Information Commissioner’s Office

Changes to this Privacy Policy

Our privacy policy will be reviewed regularly or updated if legislative changes are put in place. It was last updated on 24th January 2022.